author | Achilleas Pipinellis <axil@gitlab.com> | 2017-12-12 19:22:47 +0100 |
---|---|---|
committer | Achilleas Pipinellis <axil@gitlab.com> | 2017-12-12 19:25:48 +0100 |
commit | 94b5ef91f5bf47fe30ae30e964fb5c8b033874ee (patch) | |
tree | a00597b8314dfd6579b762ef283680a8ba84a15e | |
parent | 971584513ce4ec44563dbe1a47567c4da8e47105 (diff) | |
download | gitlab-ce-docs/sast.tar.gz |
Clear up sast docs (docs/sast)
-rw-r--r-- | doc/ci/examples/sast.md | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/doc/ci/examples/sast.md b/doc/ci/examples/sast.md index 43c0a6823a5..2ff294b71ae 100644 --- a/doc/ci/examples/sast.md +++ b/doc/ci/examples/sast.md @@ -1,11 +1,12 @@ # Static application security testing with GitLab CI/CD This example shows how to run -[static application security testing](https://en.wikipedia.org/wiki/Static_program_analysis) +[Static Application Security Testing (SAST)](https://en.wikipedia.org/wiki/Static_program_analysis) on your project's source code by using GitLab CI/CD. -All you need is a GitLab Runner with the Docker executor. You can then add a -new job to `.gitlab-ci.yml`, called `sast`: +All you need is a GitLab Runner with the Docker executor (the shared Runners on +GitLab.com will work fine). You can then add a new job to `.gitlab-ci.yml`, +called `sast`: ```yaml sast: @@ -16,6 +17,13 @@ sast: paths: [gl-sast-report.json] ``` +NOTE: **Note:** +For GitLab [Enterprise Edition Ultimate][ee] users, this information can +be automatically extracted and shown right in the merge request widget. +To do so, the CI job name must be `sast` and the artifact path must be +`gl-sast-report.json`. +[Learn more on application security testing results shown in merge requests](https://docs.gitlab.com/ee/user/project/merge_requests/sast.html). + Behind the scenes, the [gl-sast Docker image](https://gitlab.com/gitlab-org/gl-sast) is used to detect the language/framework and in turn runs the matching scan tool. @@ -30,11 +38,6 @@ The results are sorted by the priority of the vulnerability: 1. Unknown 1. Everything else -NOTE: **Note:** -For GitLab [Enterprise Edition Ultimate][ee] users, this information can -be automatically extracted and shown right in the merge request widget. -[Learn more on application security testing results shown in merge requests](https://docs.gitlab.com/ee/user/project/merge_requests/sast.html). - ## Supported languages and frameworks The following languages and frameworks are supported. |
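Review bot: In the hunk at `@@ -1,11 +1,12`, the new link text introduces the capitalised term and the abbreviation, "Static Application Security Testing (SAST)", while the H1 directly above it in the context lines still reads "Static application security testing with GitLab CI/CD". Suggest picking one capitalisation for both. Since the rest of the page refers to the job and the image as `sast`, the heading may be the better place to introduce the abbreviation.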
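Review bot: In the hunk at `@@ -16,6 +17,13`, the relocated note still opens with "this information can be automatically extracted", but it now sits right after the YAML block and before the "Behind the scenes" paragraph and the priority list that describe the results, so "this information" has no clear antecedent. Suggest naming it explicitly, for example "the results in `gl-sast-report.json` can be automatically extracted and shown right in the merge request widget". The note also depends on the reference-style `[ee]` link, whose definition is not among the visible lines, so it is worth confirming the definition is still present in the file after the move.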